HttpSecurity, WebSecurity and AuthenticationManagerBuilder

by

configure(AuthenticationManagerBuilder) is used to establish an authentication mechanism by allowing AuthenticationProviders to be added easily: e.g. The following defines the in-memory authentication with the in-built ‘user’ and ‘admin’ logins.

public void configure(AuthenticationManagerBuilder auth) {
    auth
        .inMemoryAuthentication()
        .withUser("user")
        .password("password")
        .roles("USER")
    .and()
        .withUser("admin")
        .password("password")
        .roles("ADMIN","USER");
}

configure(HttpSecurity) allows configuration of web based security at a resource level, based on a selection match – e.g. The example below restricts the URLs that start with /admin/ to users that have ADMIN role, and declares that any other URLs need to be successfully authenticated.

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated()
}

configure(WebSecurity) is used for configuration settings that impact global security (ignore resources, set debug mode, reject requests by implementing a custom firewall definition). For example, the following method would cause any request that starts with /resources/ to be ignored for authentication purposes.

public void configure(WebSecurity web) throws Exception {
    web
        .ignoring()
        .antMatchers("/resources/**");
}

You can refer to the following link for more information Spring Security Java Config Preview: Web Security

More Related Contents:

  1. Filter invoke twice when register as Spring bean
  2. How to enable HTTP response caching in Spring Boot
  3. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  4. How to get active user’s UserDetails
  5. Add context path to Spring Boot application
  6. CORS allowed-origin restrictions aren’t causing the server to reject requests
  7. Disable Spring Security for OPTIONS Http Method
  8. How to bind an object list with thymeleaf?
  9. How to set base url for rest in spring boot?
  10. Filter order in spring-boot
  11. No serializer found for class org.hibernate.proxy.pojo.bytebuddy.ByteBuddyInterceptor
  12. Spring Boot and custom 404 error page
  13. Multipart File upload Spring Boot
  14. How to get the current logged in user object from spring security?
  15. Spring security does not allow CSS or JS resources to be loaded
  16. how to display custom error message in jsp for spring security auth exception
  17. Spring Boot Actuator without Spring Boot
  18. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  19. Securing Spring Boot API with API key and secret
  20. What is username and password when starting Spring Boot with Tomcat?
  21. Spring security added prefix “ROLE_” to all roles name?
  22. Why this Spring application with java-based configuration don’t work properly
  23. How to re-create database before each test in Spring?
  24. How do I add method based security to a Spring Boot project?
  25. Spring REST security – Secure different URLs differently
  26. Programmatically restart Spring Boot application / Refresh Spring Context
  27. What does Cookie CsrfTokenRepository.withHttpOnlyFalse () do and when to use it?
  28. How I create an error handler (404, 500…) in Spring Boot/MVC
  29. disabling spring security in spring boot app [duplicate]
  30. Custom Authentication Manager with Spring Security and Java Configuration

Leave a Comment